CVE-2020-2300

Summary

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Active Directory Pluginunspecified <= 2.19affected
Jenkins projectJenkins Active Directory Plugin2.16.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References